Disabling PGP in Apple Mail with GPGTools

Researchers have developed code exploiting several vulnerabilities in PGP (including GPG) for email. In response, EFF’s current recommendation is to disable PGP integration in email clients.

Disabling PGP decryption in Apple Mail requires deleting a “bundle” file used by the application. Your existing keys will remain available on your machine.

1. First, click the Mail icon in the dock.

2. Click “Mail” in the menu bar on the top of the screen, and select “Quit Mail.” This is to make sure it’s shut down completely before we continue.

3. Click the Finder icon in the Dock.

4. Click the “Go” menu in the menu bar on the top of the screen, and select “Go to Folder…”

5. This will open the “Go to Folder” window. Type this exact text: /Library/Mail/Bundles

6. At this point, you may see a folder with the “GPGMail.mailbundle” file. (If you don’t, return to step 4, and in step 5 instead type exactly ~/Library/Mail/Bundles. You can type the ~ (tilde) character by holding shift and pressing the ` key, located directly below Esc on most keyboards.)

7. Move the file “GPGMail.mailbundle” to the trash, either by dragging it to the trash icon on the dock or by right-clicking it and selecting “Move to Trash.”

8. At this point, you may be prompted to type your macOS administrator password. Type it in, and hit the “enter” key.

You may see the file deletion dialogue displayed on the screen.

Once the GPGMail.mailbundle file is in your trash, your emails will not be automatically decrypted in Apple Mail.
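For administrators who need to repeat these steps on several Macs, the same procedure can be scripted. The following is an added example, not code from EFF or GPGTools; the function names and the `--run` flag are its own, and it assumes the user's trash is `~/.Trash`.

```shell
#!/bin/sh
# Added example: scripted form of the manual steps above.
# Function names and the --run flag are this example's own, not GPGTools'.
BUNDLE_NAME="GPGMail.mailbundle"

# Print the path of every GPGMail bundle found in the given directories.
find_gpgmail_bundles() {
    for dir in "$@"; do
        if [ -e "$dir/$BUNDLE_NAME" ]; then
            printf '%s\n' "$dir/$BUNDLE_NAME"
        fi
    done
}

# Move every bundle found in the listed directories into trash_dir.
# Usage: disable_gpgmail <trash_dir> <bundle_dir>...
# Returns 0 when no bundle remains, 1 if any move failed (e.g. needs sudo).
disable_gpgmail() {
    trash_dir=$1; shift
    status=0
    for dir in "$@"; do
        src="$dir/$BUNDLE_NAME"
        [ -e "$src" ] || continue
        # Avoid clobbering an older copy already in the trash.
        dest="$trash_dir/$BUNDLE_NAME"
        n=1
        while [ -e "$dest" ]; do
            dest="$trash_dir/$BUNDLE_NAME.$n"
            n=$((n + 1))
        done
        if mv "$src" "$dest"; then
            echo "moved $src -> $dest"
        else
            echo "could not move $src (re-run with sudo?)" >&2
            status=1
        fi
    done
    return $status
}

# Real run on macOS: quit Mail first, then check both locations from the steps.
if [ "${1:-}" = "--run" ]; then
    if command -v osascript >/dev/null 2>&1; then
        osascript -e 'tell application "Mail" to quit'
    fi
    disable_gpgmail "$HOME/.Trash" /Library/Mail/Bundles "$HOME/Library/Mail/Bundles"
fi
```

Running `find_gpgmail_bundles /Library/Mail/Bundles "$HOME/Library/Mail/Bundles"` afterwards prints nothing when the bundle is gone from both locations.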
